IMHO It is dangerous to / you can never assume none of the users are hostile any userid can be an ingress, point did you read the hbgary story ? http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
It is easier to bolt the barn door than find the horse... <http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars> On Sat, Apr 30, 2011 at 9:44 PM, Yanik Doucet <[email protected]> wrote: > The way I see it, users shouldn't be able to use sudo system wide à la > Ubuntu. Having a customized sudoers config would be highly recommended. > There isn't that much tasks a user would want to do as root, aside from > applying updates. And I would configure it password-less too. That way if > a simple user gets compromised by some script on a webpage, script can't > sniff the user's password. > > As for doing root tasks, the best practice would be to alt-f1 for example. > Anything done in a real TTY can't be sniffed as it's outside of X. > > I did try the simple example given in the link, and it actually sniffed > when a key is pressed and when it is released. But it only gives a key > number and I just can't find the documentation with the keyboard keys > mapping. It's not ascii. Any ideas? > > > > On Sat, Apr 30, 2011 at 8:01 PM, Jeremy <[email protected]> wrote: > >> On 11-04-30 02:39 PM, Leslie S Satenstein wrote: >> >>> I understood that X was not designed with security in mind. I have this >>> question, given a small environment of 3-4 users, all of which are >>> locally attached. >>> >>> Is my use of root, given these users are all local on the system with >>> Gnome, a risk if none of the users are hostile? >>> >>> If someone logs into the system with remote desktop, (not happening >>> during the day), is he able to see all the keypresses, as outlined in >>> the link I was referred to in the previous emails? >>> >>> If he/she has to be on the system, and go through the effort to capture >>> my Gnome keystrokes, then what is the danger of a breech from remote >>> logon (secure telnet via putty)? Just because a danger is possible from >>> a local user only, what is the risk to using root under Gnome? Is the >>> risk any less with Gnome3 or XFCE? The local user's are doing authoring >>> of material and may from time to time, access Google or other search >>> engine. >>> >> >> I think it is easiest to say that elevating privileges is a better way to >> do handle it. Give the program you want to run root privileges, not the >> user. >> >> If you make a shortcut (application starter) and just put sudo (or gksudo) >> before the command it will pop up a password prompt and just that process is >> running with root privileges. >> >> A good trick as well is to use the sudoers file and specify programs users >> should be allowed to run, and you can also specify that no password is >> needed for certain users on certain programs. >> >> There just is no good reason to run as root, since all it takes is a sudo >> call to get there. Plus no need to log out and log in again as root to do >> things. >> >> I'll let someone else answer whether keystrokes can be captured and so on >> ;) >> >> Jeremy >> _______________________________________________ >> mlug mailing list >> [email protected] >> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca >> > > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > -- ___..___........__.......__ ...|....|__/....|...|......|...|__| ...|....|.....\...|...|__..|...|....| "You must be the change you wish to see in the world." Mohandas K Gandhi
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
